PT-2024-5937 · Haproxy+2

Published

2024-09-04

·

Updated

2025-09-11

·

CVE-2024-45506

CVSS v2.0

7.8

High

Vector AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
HAProxy versions 2.9.x through 2.9.9
HAProxy versions 3.0.x through 3.0.3
HAProxy versions 3.1.x through 3.1-dev6
Description HAProxy is affected by a remotely triggerable denial of service that can be exploited under a certain set of conditions. The vulnerability has been exploited in the wild. It is caused by an endless loop in the HTTP/2 multiplexer's send path (h2_send) when zero-copy forwarding is in use: an affected process stops serving traffic, which disrupts service and may crash the HAProxy process.
Recommendations For HAProxy versions 2.9.x through 2.9.9, update to version 2.9.10 or later. For HAProxy versions 3.0.x through 3.0.3, update to version 3.0.4 or later. For HAProxy versions 3.1.x through 3.1-dev6, update to 3.1-dev7 or later. Fixed releases are already available, so a workaround is only a bridge to the update: if the upgrade cannot be applied immediately, disable HTTP/2 zero-copy forwarding in the global section of the configuration until it can.
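The interim mitigation as a configuration fragment. This is an added example for this advisory, not configuration shipped by the HAProxy project or by the advisory's author. The directive names are taken from the HAProxy 2.9+ configuration manual as recalled here and must be confirmed against your build with `haproxy -c -f <file>` before deployment; the frontend and backend addresses are placeholders.

```haproxy
# Added example, not part of the original advisory or of HAProxy itself.
# Directive names assumed from the HAProxy 2.9+ configuration manual;
# verify with:  haproxy -c -f /etc/haproxy/haproxy.cfg

global
    log stdout format raw local0
    maxconn 20000

    # On an unpatched 2.9.x / 3.0.x build zero-copy forwarding is ON by
    # default (no directive needed), which is the code path named in the
    # advisory. Either of the next two lines turns it off; the narrow one
    # is preferred because only the HTTP/2 mux is implicated.

    # Narrow: disable zero-copy sends in the HTTP/2 multiplexer only.
    tune.h2.zero-copy-fwd-send off

    # Broad alternative (use instead of the line above, not in addition):
    # disable zero-copy forwarding for every multiplexer.
    # tune.disable-zero-copy-forwarding

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_https
    # Placeholder certificate path; ALPN "h2" is what exposes the H2 mux.
    bind :443 ssl crt /etc/haproxy/certs/site.pem alpn h2,http/1.1
    default_backend be_app

backend be_app
    # Placeholder backend address.
    server app1 10.0.0.10:8080 check
```

After reloading, confirm the running binary with `haproxy -v`; once it reports 2.9.10, 3.0.4 or a later fixed release, remove the tuning directive, since disabling zero-copy forwarding costs throughput on large transfers and is no longer needed once the loop itself is fixed.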

Fix

DoS

Infinite Loop

Improper Resource Release

Weakness Enumeration

Related Identifiers

AZL-48668
BDU:2024-06744
BIT-HAPROXY-2024-45506
CVE-2024-45506
OESA-2024-2130
OPENSUSE-SU-2024:14307-1

Affected Products

Astra Linux
Haproxy
Red Os